Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oamEi1A-KBY8GVclYccImjfGOc8.roa
File:                     oamEi1A-KBY8GVclYccImjfGOc8.roa (raw, json)
Hash identifier:          dqtHBg5keaMpg9Jz6mXm/BL3a9/OZKh/l6rVnmCzAOQ=
Subject key identifier:   A1:A9:84:8B:50:3E:28:16:3C:19:57:25:61:C7:08:9A:37:C6:39:CF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018DE50D925E8700AD2F97F29C2729FFC2F4
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oamEi1A-KBY8GVclYccImjfGOc8.roa
Signing time:             Mon 26 Feb 2024 10:54:48 +0000
ROA not before:           Mon 26 Feb 2024 10:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12325
IP address blocks:        89.46.128.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24
                          93.115.9.0/24 maxlen: 24
                          93.115.104.0/22 maxlen: 24
                          93.118.36.0/24 maxlen: 24
                          93.119.154.0/24 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          188.241.220.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:0d:92:5e:87:00:ad:2f:97:f2:9c:27:29:ff:c2:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 26 10:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1a9848b503e28163c19572561c7089a37c639cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:50:9d:6a:a8:61:92:52:86:3b:85:cd:d0:e2:
                    dd:84:c8:34:dc:39:c3:23:26:70:49:25:04:77:3d:
                    80:aa:3d:2f:38:79:25:11:24:a4:7f:0c:59:c4:bc:
                    8b:04:6d:50:0a:4e:e3:a3:f9:3f:4b:36:08:54:71:
                    d9:5e:95:3f:7b:c8:29:0a:f4:36:93:2d:02:75:47:
                    b8:51:6c:9b:dd:1e:56:a1:bb:0c:66:c7:f6:04:5b:
                    e7:37:12:24:7c:a4:28:a9:d8:12:b8:28:65:36:8e:
                    eb:23:ef:73:08:73:71:5e:c0:81:c0:82:be:7b:06:
                    1a:52:f9:da:85:51:6c:9b:2c:47:ab:a9:75:06:4f:
                    e5:4d:74:80:64:3d:d3:d4:64:b5:51:05:db:6b:06:
                    29:d3:d4:9d:77:12:51:3a:05:28:c3:36:83:ff:f6:
                    7f:62:64:2f:47:0a:3e:cb:f0:d5:eb:ec:66:d3:85:
                    03:af:ef:8f:05:f2:7e:71:4d:97:9a:73:04:56:67:
                    a5:c2:4e:76:b8:d3:a7:be:ab:c7:06:11:f1:ec:78:
                    32:40:99:b9:c5:3e:d2:a5:11:52:ce:9a:eb:f7:76:
                    e2:d7:40:cd:20:b8:90:b5:8c:6b:c4:0f:2e:ae:51:
                    f8:60:af:04:7c:1c:43:fe:8e:fe:f7:56:a1:8b:62:
                    ec:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:A9:84:8B:50:3E:28:16:3C:19:57:25:61:C7:08:9A:37:C6:39:CF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oamEi1A-KBY8GVclYccImjfGOc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.128.0/22
                  89.46.232.0/21
                  93.115.9.0/24
                  93.115.104.0/22
                  93.118.36.0/24
                  93.119.154.0/24
                  185.18.224.0/23
                  188.215.40.0/22
                  188.241.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:76:e7:fe:75:6b:cd:ad:3e:f1:8c:a1:11:2f:80:df:ed:03:
         54:73:77:a5:8d:0d:5d:23:9b:fe:82:1f:3f:eb:83:54:aa:80:
         be:32:b5:cc:33:56:b7:16:57:79:f8:61:54:86:bf:0c:08:72:
         ff:f7:ca:bf:fa:24:5b:59:55:18:8e:1f:bf:f4:9b:b3:67:cb:
         d6:e2:14:68:fa:36:37:73:ee:f2:bf:31:d9:f8:b8:2d:6f:eb:
         5d:a9:36:7f:64:6d:98:ed:4f:f6:d3:ae:89:17:90:42:66:4d:
         f4:35:d5:0d:7d:d9:59:55:38:7b:20:ff:7a:05:43:41:07:8f:
         5c:f6:d8:d1:0c:5b:31:22:e3:6e:7e:1b:90:93:85:35:59:83:
         12:e3:fc:13:b1:2b:1c:1d:5c:91:9b:1a:70:2d:64:a8:b2:31:
         fb:57:76:18:27:83:9f:7c:b9:4a:40:3a:ae:a0:0a:4e:61:0e:
         f8:66:cc:ee:71:f9:e7:20:b2:e5:0b:0c:4c:eb:15:8c:2f:9b:
         3d:41:9c:d5:d0:4a:48:f8:f7:d9:1b:1a:d6:b0:9f:c5:96:be:
         20:77:1f:5e:02:34:af:bf:56:ce:7f:a7:e2:bb:cc:4c:72:6b:
         5c:e3:07:29:3a:f5:2e:94:01:cb:65:45:db:06:96:c3:ac:29:
         b0:da:5e:2c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY3lDZJehwCtL5fynCcp/8L0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjI2MTA1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE5ODQ4YjUwM2UyODE2M2MxOTU3MjU2MWM3MDg5YTM3YzYzOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFCdaqhhklKGO4XN0OLdhMg03DnD
IyZwSSUEdz2Aqj0vOHklESSkfwxZxLyLBG1QCk7jo/k/SzYIVHHZXpU/e8gpCvQ2
ky0CdUe4UWyb3R5WobsMZsf2BFvnNxIkfKQoqdgSuChlNo7rI+9zCHNxXsCBwIK+
ewYaUvnahVFsmyxHq6l1Bk/lTXSAZD3T1GS1UQXbawYp09SddxJROgUowzaD//Z/
YmQvRwo+y/DV6+xm04UDr++PBfJ+cU2XmnMEVmelwk52uNOnvqvHBhHx7HgyQJm5
xT7SpRFSzprr93bi10DNILiQtYxrxA8urlH4YK8EfBxD/o7+91ahi2LsDwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKGphItQPigWPBlXJWHHCJo3xjnPMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL29hbUVpMUEtS0JZOEdWY2xZY2NJbWpmR09jOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBAJZLoAD
BANZLugDBABdcwkDBAJdc2gDBABddiQDBABdd5oDBAG5EuADBAK81ygDBAG88dww
DQYJKoZIhvcNAQELBQADggEBAK125/51a82tPvGMoREvgN/tA1Rzd6WNDV0jm/6C
Hz/rg1SqgL4ytcwzVrcWV3n4YVSGvwwIcv/3yr/6JFtZVRiOH7/0m7Nny9biFGj6
Njdz7vK/Mdn4uC1v612pNn9kbZjtT/bTrokXkEJmTfQ11Q192VlVOHsg/3oFQ0EH
j1z22NEMWzEi425+G5CThTVZgxLj/BOxKxwdXJGbGnAtZKiyMftXdhgng598uUpA
Oq6gCk5hDvhmzO5x+ecgsuULDEzrFYwvmz1BnNXQSkj499kbGtawn8WWviB3H14C
NK+/Vs5/p+K7zExya1zjByk69S6UActlRdsGlsOsKbDaXiw=
-----END CERTIFICATE-----